Release version 2.11.5

CHANGELOG.md

@@ -4,6 +4,34 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati
 
 ## What's New
 
+### What's New in Version 2.11.5
+
+**Notice:** This is a security release. It is recommended to upgrade _immediately_.
+
+### Vulnerabilities, Closed
+
+Cross site scripting is one of the worst attacks on web based platforms. Especially, if carrying it out is as easy as
+the first two mentioned here. You might recognize the open redirect on the login. You are correct, we attempted to fix
+it already with v2.11.3 but underestimated PHP's quirks. The last is difficult to exploit, hence the lowest severity
+of all, but don't be fooled by that!
+
+* XSS in embedded content [CVE-2025-27405](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-3x37-fjc3-ch8w)
+* DOM-based XSS [CVE-2025-27404](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-c6pg-h955-wf66)
+* Open redirect on login page [CVE-2025-30164](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q)
+* Reflected XSS [CVE-2025-27609](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5cjw-fwjc-8j38)
+
+Big thanks to all finders / reporters! :+1:
+
+### Bugs, Exterminated
+
+Did you know, that we started [Icinga Notifications](https://icinga.com/docs/icinga-notifications/latest/) with support
+for PostgreSQL first? Reason for that is, we wanted to make sure we are fully compatible with it right away. To ensure
+things like logging in with a PostgreSQL authentication/group backend is case-insensitive, like it was always the case
+for MySQL. Now it **really** is case-insensitive!
+
+* Login against Postgres DB is case-sensitive [#5223](https://github.com/Icinga/icingaweb2/issues/5223)
+* Role list has no functioning quick search [#5300](https://github.com/Icinga/icingaweb2/issues/5300)
+
 ### What's New in Version 2.11.4
 
 You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/78?closed=1).

VERSION

@@ -1 +1 @@
-v2.11.4
+v2.11.5

library/Icinga/Application/Version.php

@@ -8,7 +8,7 @@ namespace Icinga\Application;
  */
 class Version
 {
-    const VERSION = '2.11.4';
+    const VERSION = '2.11.5';
 
     /**
      * Get the version of this instance of Icinga Web 2

modules/doc/module.info

@@ -1,4 +1,4 @@
 Module: doc
-Version: 2.11.4
+Version: 2.11.5
 Description: Documentation module
  Extracts, shows and exports documentation for Icinga Web 2 and its modules.

modules/migrate/module.info

@@ -1,5 +1,5 @@
 Module: migrate
-Version: 2.11.4
+Version: 2.11.5
 Description: Migrate module
  This module was introduced with the domain-aware authentication feature in version 2.5.0.
  It helps you migrating users and user configurations according to a given domain.

modules/monitoring/module.info

@@ -1,5 +1,5 @@
 Module: monitoring
-Version: 2.11.4
+Version: 2.11.5
 Description: Icinga monitoring module
  IDO accessor and UI for your monitoring. This is the initial instalment for a
  graphical presentation of Icinga environments. The predecessor of Icinga DB.

modules/setup/module.info

@@ -1,5 +1,5 @@
 Module: setup
-Version: 2.11.4
+Version: 2.11.5
 Description: Setup module
  Web based wizard for setting up Icinga Web 2 and its modules.
  This includes the data backends (e.g. relational database, LDAP),

modules/test/module.info

@@ -1,5 +1,5 @@
 Module: test
-Version: 2.11.4
+Version: 2.11.5
 Description: Translation module
  This module allows developers to run (unit) tests against Icinga Web 2 and
  any of its modules. Usually you do not need to enable this.

modules/translation/module.info

@@ -1,5 +1,5 @@
 Module: translation
-Version: 2.11.4
+Version: 2.11.5
 Description: Translation module
  This module allows developers and translators to translate modules for multiple
  languages. You do not need this module to run an internationalized web frontend.